Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Zentom System Guard HELP

Started by Brandy Finley , Oct 20 2011 05:07 PM

Please log in to reply

#1
Brandy Finley

Posted 20 October 2011 - 05:07 PM

Member

Member
11 posts

I was browsing the web for graphics. I was on a site for myspace graphics. I noticed in the taskbar taskmanager.exe flashing and I know I didn't request it so I cancelled it. Next thing I know I have a program pop up scanning my computer and an icon for Zentom System Guard on my desktop. I tried uninstalling it but it is not listed in the add/remove programs. Now everytime I boot up my laptop it starts scanning when I try to exit it it wants me to activate it and wil not leave my screen. I got a pop up that my system needed cleaned from Microsoft Security Essentials. I ran the clean up.
This is my OTL scan :

OTL logfile created on: 10/20/2011 6:11:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 51.24% Memory free
3.74 Gb Paging File | 2.80 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 109.80 Gb Free Space | 79.16% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.46 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive G: | 232.89 Gb Total Space | 188.61 Gb Free Space | 80.99% Space Free | Partition Type: NTFS

Computer Name: BRANDY-PC | User Name: Brandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 18:09:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
PRC - [2011/10/20 17:30:11 | 002,105,344 | ---- | M] (©mySYStems) -- C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14\senrmodk70.exe
PRC - [2011/10/19 12:22:39 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/04/11 08:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/19 12:10:25 | 001,603,072 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\Toolbar.dll
MOD - [2011/10/19 12:10:25 | 001,603,072 | ---- | M] () -- C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll
MOD - [2011/10/19 12:10:25 | 000,361,472 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\Helper.dll
MOD - [2011/10/19 12:10:25 | 000,361,472 | ---- | M] () -- C:\Program Files\Gamers Unite! Snag Bar\Helper.dll
MOD - [2011/09/27 23:55:02 | 000,366,592 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\RSSReader_plugin.dll
MOD - [2011/07/01 20:53:38 | 000,395,264 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\RadioPlugin.dll
MOD - [2011/07/01 20:53:10 | 000,219,136 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\SearchComponent.dll
MOD - [2011/07/01 20:52:42 | 000,274,432 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\bookmarksplugin.dll
MOD - [2011/07/01 20:52:24 | 000,480,768 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\emailchecker_plugin.dll
MOD - [2011/07/01 20:52:02 | 000,281,088 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\weatherplugin.dll
MOD - [2011/07/01 20:51:44 | 000,294,400 | ---- | M] () -- C:\Users\Brandy\AppData\LocalLow\FCTB000062781\Toolbar\msgboxplugin.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/10/20 17:34:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11E83E0C-2E56-4825-ACEA-A2E7D5269C61}\MpKsl4b7cb1d4.sys -- (MpKsl4b7cb1d4)
DRV - [2011/10/20 12:47:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11E83E0C-2E56-4825-ACEA-A2E7D5269C61}\MpKslfac455c4.sys -- (MpKslfac455c4)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 10:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

[2011/10/19 13:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Extensions
[2011/10/19 13:33:05 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2011/10/19 13:33:02 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2011/10/19 13:33:00 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2011/10/19 13:33:10 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
[2011/10/19 13:33:09 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{F18CE681-59C6-4A25-8ECB-E3E0FD7FBB44}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [senrmodk70.exe] C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14\senrmodk70.exe (©mySYStems)
O4 - HKCU..\RunOnce: [*auditobjxml.exe] "C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\auditobjxml.exe" File not found
O4 - HKCU..\RunOnce: [*filebasebridge.exe] C:\Users\Brandy\filebasebridge.exe (©mySYStems)
O4 - Startup: C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14\senrmodk70.exe (©mySYStems)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873A920F-CD95-434F-B1E4-B75EA9A9CD62}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 18:09:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/20 17:45:20 | 000,209,920 | ---- | C] (©mySYStems) -- C:\Users\Brandy\filebasebridge.exe
[2011/10/20 17:30:09 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14
[2011/10/20 17:29:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Brandy\taskmgr.exe
[2011/10/20 17:16:14 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\My Received Files
[2011/10/20 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{71B1E47F-9589-4606-B148-E6D70D7707C7}
[2011/10/20 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{A5126343-8D6D-4DE2-A502-39DB79D2B83A}
[2011/10/20 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Tracing
[2011/10/20 17:08:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/20 17:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/10/20 17:04:07 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Windows Live
[2011/10/20 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/20 14:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2011/10/20 14:13:12 | 004,646,210 | ---- | C] (XK72 Ltd) -- C:\Users\Brandy\Desktop\charles_setup_3.51.exe
[2011/10/20 14:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/20 14:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/20 14:11:32 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2011/10/20 14:11:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/20 14:11:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/20 14:11:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/20 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/19 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarmVilleBot
[2011/10/19 18:55:46 | 000,000,000 | ---D | C] -- C:\FarmVilleBot_2.1
[2011/10/19 18:55:25 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\WinRAR
[2011/10/19 18:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 18:55:24 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/19 16:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/19 15:32:34 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/19 15:32:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/19 15:32:33 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/19 15:32:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/19 15:32:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/19 15:32:31 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/19 15:32:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/19 15:32:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/19 15:32:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/19 15:32:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/19 15:32:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/19 15:32:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/19 15:32:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/19 15:32:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/19 15:32:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/19 15:32:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/19 15:32:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/19 15:32:27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/19 15:32:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/19 15:32:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/19 15:32:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/19 15:32:25 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/19 15:32:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/19 15:32:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/19 15:32:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/19 15:32:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/19 15:32:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/19 15:32:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/19 15:32:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/19 15:32:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/19 15:32:21 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/19 15:32:20 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/19 15:32:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/19 15:32:20 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/19 15:32:19 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/19 15:32:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/19 15:32:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/19 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/10/19 15:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/10/19 14:57:59 | 000,758,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[2011/10/19 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/10/19 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/10/19 14:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/10/19 14:49:08 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/10/19 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/19 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Yahoo!
[2011/10/19 14:42:39 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/10/19 14:42:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/10/19 14:42:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/10/19 14:42:15 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/10/19 14:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/19 14:32:38 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/10/19 14:32:38 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/10/19 14:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/10/19 14:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/10/19 14:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/10/19 14:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/10/19 14:29:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/10/19 14:28:58 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/10/19 14:23:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/19 14:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/10/19 14:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/10/19 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/10/19 13:44:33 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Mozilla
[2011/10/19 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\CometNetwork
[2011/10/19 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\CometNetwork
[2011/10/19 13:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011/10/19 13:34:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/19 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\CometBird
[2011/10/19 13:17:14 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/10/19 13:17:08 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/10/19 13:17:08 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/10/19 13:14:27 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/10/19 13:14:20 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/10/19 13:14:20 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/10/19 13:14:20 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/10/19 13:14:20 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/10/19 13:14:17 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/10/19 13:12:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/10/19 13:12:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/10/19 13:12:25 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/10/19 13:12:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/10/19 13:12:14 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/10/19 13:12:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/10/19 13:12:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/10/19 13:12:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/10/19 13:12:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/10/19 12:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/19 12:45:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/10/19 12:45:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/10/19 12:45:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/10/19 12:30:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/19 12:28:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/10/19 12:28:23 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/10/19 12:28:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/10/19 12:28:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/10/19 12:28:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/10/19 12:28:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/10/19 12:28:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/10/19 12:28:20 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/10/19 12:28:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/10/19 12:28:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/10/19 12:28:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/10/19 12:28:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/10/19 12:28:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/10/19 12:28:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/10/19 12:28:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/10/19 12:28:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/10/19 12:27:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/19 12:27:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/19 12:27:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/19 12:27:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/19 12:27:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/10/19 12:27:23 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/10/19 12:27:10 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/10/19 12:27:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/10/19 12:27:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/10/19 12:27:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/19 12:26:57 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/10/19 12:26:57 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/10/19 12:26:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/10/19 12:26:56 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/10/19 12:26:56 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/10/19 12:26:56 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/10/19 12:26:56 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/10/19 12:26:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/10/19 12:26:55 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/10/19 12:26:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/10/19 12:26:53 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/10/19 12:26:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/10/19 12:26:41 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/10/19 12:26:22 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/10/19 12:26:14 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/19 12:26:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/19 12:26:06 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/10/19 12:26:05 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/10/19 12:25:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/19 12:25:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/10/19 12:25:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/10/19 12:25:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/10/19 12:25:15 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/10/19 12:25:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/10/19 12:25:11 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/10/19 12:25:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/10/19 12:25:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/10/19 12:25:10 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/10/19 12:25:10 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/10/19 12:25:10 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/10/19 12:25:10 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/10/19 12:25:10 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/10/19 12:25:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/10/19 12:25:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/10/19 12:24:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/10/19 12:24:33 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/19 12:24:32 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/19 12:24:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/10/19 12:24:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/10/19 12:24:17 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/10/19 12:24:17 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/10/19 12:24:17 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/10/19 12:24:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/10/19 12:24:11 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/10/19 12:24:10 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/10/19 12:24:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/10/19 12:24:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/10/19 12:24:00 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/10/19 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Macromedia
[2011/10/19 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Adobe
[2011/10/19 12:22:39 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/19 12:22:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/10/19 12:10:26 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers Unite! Snag Bar
[2011/10/19 12:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gamers Unite! Snag Bar
[2011/10/19 12:09:34 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/10/19 12:00:52 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/10/19 12:00:51 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/10/19 12:00:31 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/10/19 12:00:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/10/19 12:00:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/10/19 12:00:21 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/10/19 12:00:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/10/19 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/19 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2011/10/19 11:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/10/19 11:54:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/10/19 11:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/19 11:48:41 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2011/10/19 11:48:41 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2011/10/19 11:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2011/10/19 11:46:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/10/19 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\BVRP Software
[2011/10/19 11:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2011/10/19 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\InstallShield
[2011/10/19 11:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/10/19 11:42:01 | 000,442,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvusmb.exe
[2011/10/19 11:41:28 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2011/10/19 11:41:23 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Searches
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/19 11:40:22 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Identities
[2011/10/19 11:40:20 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Contacts
[2011/10/19 11:40:19 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\VirtualStore
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\Temporary Internet Files
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Templates
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Start Menu
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\SendTo
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Recent
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\PrintHood
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\NetHood
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Videos
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Pictures
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Music
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\My Documents
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Local Settings
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\History
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Cookies
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Application Data
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\Application Data
[2011/10/19 11:40:13 | 000,000,000 | --SD | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Videos
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Saved Games
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Pictures
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Music
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Links
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Favorites
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Downloads
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Documents
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Desktop
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/19 11:40:13 | 000,000,000 | -H-D | C] -- C:\Users\Brandy\AppData
[2011/10/19 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Temp
[2011/10/19 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2011/10/20 18:09:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/20 18:04:37 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 18:04:37 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/20 17:47:59 | 000,001,076 | ---- | M] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/10/20 17:45:20 | 000,209,920 | ---- | M] (©mySYStems) -- C:\Users\Brandy\filebasebridge.exe
[2011/10/20 17:45:11 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/20 17:45:06 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/20 17:34:14 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 17:33:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/20 17:33:37 | 1877,364,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 14:10:43 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/20 14:10:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/20 14:10:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/20 14:10:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2011/10/20 13:12:33 | 000,000,577 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CityVilleBot.lnk
[2011/10/20 12:54:45 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/20 12:54:45 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/19 18:59:10 | 000,000,685 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/10/19 18:59:10 | 000,000,660 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/10/19 16:18:25 | 000,000,943 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 15:32:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/19 15:32:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/19 15:32:34 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/19 15:32:34 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/19 15:32:33 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/19 15:32:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/19 15:32:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/19 15:32:31 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/19 15:32:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/19 15:32:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/19 15:32:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/19 15:32:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/19 15:32:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/19 15:32:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/19 15:32:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/19 15:32:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/19 15:32:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/19 15:32:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/19 15:32:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/19 15:32:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/19 15:32:27 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/19 15:32:27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/19 15:32:26 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/19 15:32:26 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/19 15:32:25 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/19 15:32:25 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/19 15:32:25 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/19 15:32:23 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/19 15:32:23 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/19 15:32:22 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/19 15:32:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/19 15:32:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/19 15:32:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/19 15:32:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/19 15:32:21 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/19 15:32:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/19 15:32:20 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/19 15:32:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/19 15:32:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/19 15:32:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/19 15:30:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/19 14:54:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/19 14:45:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/10/19 14:41:39 | 000,000,966 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/19 14:29:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/19 14:19:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/19 13:35:25 | 000,048,744 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/10/19 13:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/10/19 13:33:40 | 000,000,840 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
[2011/10/19 12:57:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/19 11:57:06 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2011/10/19 11:40:39 | 000,000,680 | ---- | M] () -- C:\Users\Brandy\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/20 17:30:32 | 000,001,076 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/10/20 17:12:16 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/20 14:13:13 | 000,000,021 | ---- | C] () -- C:\Users\Brandy\Desktop\run.bat
[2011/10/20 14:13:12 | 000,531,073 | ---- | C] () -- C:\Users\Brandy\Desktop\patcher.jar
[2011/10/20 13:53:11 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charles.lnk
[2011/10/20 13:12:33 | 000,000,577 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CityVilleBot.lnk
[2011/10/19 18:59:10 | 000,000,685 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/10/19 18:59:10 | 000,000,660 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/10/19 15:32:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/19 15:30:56 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/19 14:45:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/10/19 14:41:39 | 000,000,966 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/19 14:32:38 | 000,010,844 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/10/19 14:32:38 | 000,006,483 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/10/19 14:29:00 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/10/19 14:28:59 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/10/19 14:23:20 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/19 14:19:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/19 13:36:33 | 1877,364,736 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/19 13:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/10/19 13:33:40 | 000,000,840 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
[2011/10/19 12:57:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/19 12:54:29 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/19 12:39:38 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/19 12:28:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/19 12:28:17 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/19 12:28:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/19 12:03:49 | 000,000,943 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 11:55:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/10/19 11:53:24 | 006,815,264 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2011/10/19 11:43:14 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/10/19 11:42:01 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2011/10/19 11:40:33 | 000,000,949 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/19 11:40:30 | 000,000,944 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/19 11:40:20 | 000,000,915 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/10/19 11:40:15 | 000,000,680 | ---- | C] () -- C:\Users\Brandy\AppData\Local\d3d9caps.dat
[2011/10/19 11:40:13 | 000,000,258 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/19 11:40:13 | 000,000,240 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/04/11 08:18:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 08:18:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 08:18:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,230,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

This was listed as Extras:

OTL Extras logfile created on: 10/20/2011 6:11:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 51.24% Memory free
3.74 Gb Paging File | 2.80 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 109.80 Gb Free Space | 79.16% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.46 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive G: | 232.89 Gb Total Space | 188.61 Gb Free Space | 80.99% Space Free | Partition Type: NTFS

Computer Name: BRANDY-PC | User Name: Brandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = CometBirdHTML] -- C:\Program Files\CometBird\cometbird.exe (CometNetwork)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069862CB-E82C-4858-9F1D-23DE6882B5E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{1903B8ED-CBD6-494C-80C6-3D9774869EC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{1DBCF02D-8D54-44D5-853A-EDA8E0F9CD36}" = rport=138 | protocol=17 | dir=out | app=system |
"{290B827D-A199-4166-936F-31CDE780E6C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{57905900-EF7B-4070-B722-A85B0B800518}" = rport=139 | protocol=6 | dir=out | app=system |
"{612B14F1-761A-4004-9090-7F0865AAABDA}" = lport=137 | protocol=17 | dir=in | app=system |
"{7E458840-0106-4B66-A4F6-4FE47DB33ED9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{84137DAF-A316-4104-B197-9D3A89DECBC2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2ED103D-3D1C-4B6B-BD87-421D96B839C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A484E006-D716-4796-9EC0-FC1E156CA45F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5D04495-048C-4CF9-BAE5-FCD4C38F3722}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FA6DCA5A-99A4-44A4-852B-195040345734}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1793AAB1-2C4C-40AC-A6AD-1E6B4FAA3EA6}" = protocol=1 | dir=in | [email protected],-28543 |
"{1D812B47-A300-41D7-912D-C8E4A44C465E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{27389CB9-B582-4D17-AAC4-5E70A80D98AF}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
"{3EC6DCA4-2961-425A-9059-336F10C5868A}" = protocol=1 | dir=out | [email protected],-28544 |
"{4E908B06-3109-4D4A-884D-FC7CD00372A0}" = protocol=6 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
"{4F4C3CB6-39F0-4D63-8ED4-C5182EC9B1B2}" = protocol=58 | dir=in | [email protected],-28545 |
"{56DAA901-1B31-49EA-8A7D-F2243BE94D59}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B11FD52F-1334-4997-BE2B-B75BDC1CD0C0}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\troubleshooter.exe |
"{CCC90DCB-B88B-4762-B6C6-42A044650410}" = protocol=58 | dir=out | [email protected],-28546 |
"{D43FAFA4-6902-429B-A4A3-1BDD1A0296AE}" = protocol=6 | dir=in | app=c:\program files\gamers unite! snag bar\troubleshooter.exe |
"{F1F5E920-0DEA-43DC-B483-6AD16CD6E412}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FEF174C3-5823-424B-802D-53A6F53D6916}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{419B935B-9917-4A25-BC5A-F7F77D990E47}G:\program files\cityvillebot\cvbot.exe" = protocol=6 | dir=in | app=g:\program files\cityvillebot\cvbot.exe |
"TCP Query User{6AECEFDB-CF55-4718-B137-A3574B134B95}C:\farmvillebot_2.1\farmvillebot.exe" = protocol=6 | dir=in | app=c:\farmvillebot_2.1\farmvillebot.exe |
"TCP Query User{8896A702-BCBB-4CB9-97A9-EAE78933FDF1}G:\frontiervillebot\frvbot.exe" = protocol=6 | dir=in | app=g:\frontiervillebot\frvbot.exe |
"UDP Query User{62D4715A-8671-4B21-997D-A2DF70A7384A}C:\farmvillebot_2.1\farmvillebot.exe" = protocol=17 | dir=in | app=c:\farmvillebot_2.1\farmvillebot.exe |
"UDP Query User{74800812-9C81-48CD-B763-069EB4D1D0BF}G:\program files\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=g:\program files\cityvillebot\cvbot.exe |
"UDP Query User{BCFD8427-FF1E-4466-8220-3800A80562A3}G:\frontiervillebot\frvbot.exe" = protocol=17 | dir=in | app=g:\frontiervillebot\frvbot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.2.2.4
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1" = CityVilleBot
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Charles_XK72" = Charles
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CometBird 7.0.1 (x86 en-US)" = CometBird 7.0.1 (x86 en-US)
"Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Zentom System Guard" = Zentom System Guard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2011 6:35:45 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:45 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2011 6:35:46 PM | Computer Name = Brandy-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 10/19/2011 5:08:17 PM | Computer Name = Brandy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/20/2011 9:58:24 AM | Computer Name = Brandy-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10/20/2011 12:37:21 PM | Computer Name = Brandy-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 10/20/2011 1:47:50 PM | Computer Name = Brandy-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 10/20/2011 1:47:50 PM | Computer Name = Brandy-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 10/20/2011 1:48:48 PM | Computer Name = Brandy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/20/2011 6:34:01 PM | Computer Name = Brandy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:31:32 PM on 10/20/2011 was unexpected.

Error - 10/20/2011 6:34:17 PM | Computer Name = Brandy-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 10/20/2011 6:35:14 PM | Computer Name = Brandy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/20/2011 6:45:02 PM | Computer Name = Brandy-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

< End of report >

Edited by Brandy Finley, 20 October 2011 - 05:19 PM.

#2
RKinner

Posted 20 October 2011 - 06:44 PM

Malware Expert

Expert
24,625 posts

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O4 - HKCU..\Run: [senrmodk70.exe] C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14\senrmodk70.exe (©mySYStems)
O4 - HKCU..\RunOnce: [*auditobjxml.exe] "C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\auditobjxml.exe" File not found
O4 - HKCU..\RunOnce: [*filebasebridge.exe] C:\Users\Brandy\filebasebridge.exe (©mySYStems)
O4 - Startup: C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14\senrmodk70.exe (©mySYStems)
[2011/10/20 18:09:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/20 17:45:20 | 000,209,920 | ---- | C] (©mySYStems) -- C:\Users\Brandy\filebasebridge.exe
[2011/10/20 17:30:09 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14
[2011/10/20 17:29:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Brandy\taskmgr.exe
[2011/10/20 17:47:59 | 000,001,076 | ---- | M] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/10/20 17:45:20 | 000,209,920 | ---- | M] (©mySYStems) -- C:\Users\Brandy\filebasebridge.exe
[2011/10/20 17:30:32 | 000,001,076 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/10/20 17:12:16 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/10/20 14:13:13 | 000,000,021 | ---- | C] () -- C:\Users\Brandy\Desktop\run.bat
[2011/10/20 14:13:12 | 000,531,073 | ---- | C] () -- C:\Users\Brandy\Desktop\patcher.jar
[2011/10/20 13:53:11 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charles.lnk

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Zentom System Guard"=-
     
:Commands
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#3
Brandy Finley

Posted 20 October 2011 - 08:42 PM

Member

Topic Starter
Member
11 posts

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7991

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/20/2011 8:36:31 PM
mbam-log-2011-10-20 (20-36-31).txt

Scan type: Quick scan
Objects scanned: 160026
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Zentom System Guard (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Brandy\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Brandy\AppData\Local\Temp\err.log16987682 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Brandy\AppData\Local\Temp\err.log16987713 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Brandy\Desktop\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
c:\Users\Brandy\AppData\Roaming\microsoft\internet explorer\quick launch\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
c:\Users\Brandy\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.
c:\Users\Brandy\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard\uninstall.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

ComboFix 11-10-20.08 - Brandy 10/20/2011 20:48:20.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.1089 [GMT -5:00]
Running from: c:\users\Brandy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brandy\AppData\Roaming\Adobe\plugs
c:\users\Brandy\AppData\Roaming\Adobe\shed
c:\users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Zentom System Guard.lnk
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 01:58 . 2011-10-21 01:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 01:38 . 2011-10-21 01:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11E83E0C-2E56-4825-ACEA-A2E7D5269C61}\offreg.dll
2011-10-21 01:28 . 2011-10-21 01:28 -------- d-----w- c:\programdata\Malwarebytes
2011-10-21 01:28 . 2011-10-21 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 01:28 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 01:13 . 2011-10-21 01:13 -------- d-----w- C:\_OTL
2011-10-20 22:08 . 2011-10-20 22:08 -------- d-----w- c:\windows\PCHEALTH
2011-10-20 22:06 . 2011-10-20 22:12 -------- d-----w- c:\program files\Windows Live
2011-10-20 22:03 . 2011-10-20 22:03 -------- d-----w- c:\program files\Common Files\Windows Live
2011-10-20 19:14 . 2011-10-20 19:14 -------- d-----w- c:\program files\Charles
2011-10-20 19:12 . 2011-10-20 19:12 -------- d-----w- c:\program files\Common Files\Java
2011-10-20 19:11 . 2011-10-20 19:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-10-20 19:09 . 2011-10-20 19:09 -------- d-----w- c:\program files\Java
2011-10-20 16:36 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-20 16:36 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11E83E0C-2E56-4825-ACEA-A2E7D5269C61}\mpengine.dll
2011-10-19 23:55 . 2011-10-20 17:02 -------- d-----w- C:\FarmVilleBot_2.1
2011-10-19 21:21 . 2011-10-19 21:21 -------- d-----w- c:\program files\Microsoft.NET
2011-10-19 20:30 . 2011-10-19 20:30 -------- d-----w- c:\program files\PowerISO
2011-10-19 19:57 . 2010-08-12 16:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-10-19 19:57 . 2011-10-19 19:57 -------- d-----w- c:\program files\NVIDIA Corporation
2011-10-19 19:55 . 2011-10-20 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-19 19:50 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-19 19:49 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2011-10-19 19:49 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
2011-10-19 19:44 . 2011-10-19 19:44 -------- d-----w- c:\program files\Synaptics
2011-10-19 19:42 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-19 19:42 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-19 19:42 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-19 19:42 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-19 19:32 . 2011-10-19 19:32 -------- d-----w- c:\windows\Options
2011-10-19 19:32 . 2011-10-19 19:32 -------- d-----w- c:\program files\Atheros
2011-10-19 19:32 . 2007-05-30 20:40 735232 ----a-w- c:\windows\system32\drivers\athr.sys
2011-10-19 19:32 . 2007-05-30 20:40 735232 ----a-w- c:\windows\system32\athr.sys
2011-10-19 19:31 . 2011-10-19 19:31 -------- d-----w- c:\programdata\Atheros
2011-10-19 19:31 . 2011-10-19 19:31 -------- d-----w- c:\program files\Common Files\InstallShield
2011-10-19 19:29 . 2011-10-19 18:35 -------- d-----w- c:\windows\Panther
2011-10-19 19:28 . 2011-10-19 19:28 -------- d-----w- C:\Boot
2011-10-19 19:19 . 2011-10-19 19:19 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-19 19:09 . 2011-10-19 19:41 -------- d-----w- c:\programdata\Yahoo!
2011-10-19 19:05 . 2011-10-19 19:09 -------- d-----w- c:\program files\Yahoo!
2011-10-19 18:37 . 2011-10-19 19:53 -------- d-----w- c:\windows\Debug
2011-10-19 18:32 . 2011-10-19 18:32 -------- d-----w- c:\program files\CometBird
2011-10-19 18:17 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-19 18:17 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-19 18:17 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-19 18:14 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-19 18:14 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-19 18:14 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-19 18:14 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-19 18:14 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-19 18:14 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-19 18:14 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-19 18:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-10-19 18:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2011-10-19 18:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2011-10-19 18:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2011-10-19 18:12 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2011-10-19 18:12 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-10-19 18:12 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2011-10-19 18:12 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2011-10-19 18:12 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-10-19 18:12 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-10-19 18:12 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2011-10-19 18:12 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2011-10-19 18:00 . 2011-10-04 22:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41AC8171-486A-4EDF-931D-F6D80B458760}\gapaengine.dll
2011-10-19 17:54 . 2011-10-19 17:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-19 17:45 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-19 17:45 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-19 17:45 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-19 17:45 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-19 17:45 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-19 17:27 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-19 17:26 . 2011-01-20 16:37 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-19 17:25 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-19 17:24 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-19 17:22 . 2011-10-19 19:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 17:22 . 2011-10-19 17:22 -------- d-----w- c:\windows\system32\Macromed
2011-10-19 17:10 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-19 17:10 . 2011-10-19 17:10 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-10-19 17:09 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-10-19 17:00 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-10-19 17:00 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-10-19 17:00 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-10-19 17:00 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-10-19 17:00 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-10-19 17:00 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-10-19 17:00 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-10-19 17:00 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-10-19 17:00 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-10-19 16:55 . 2011-10-19 16:55 -------- d-----w- c:\program files\Hp
2011-10-19 16:55 . 2011-10-19 16:57 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-10-19 16:55 . 2011-10-19 16:55 -------- d-----w- c:\program files\Broadcom
2011-10-19 16:54 . 2011-10-20 22:13 -------- d-sh--w- c:\windows\Installer
2011-10-19 16:53 . 2009-04-23 16:33 64512 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2011-10-19 16:53 . 2009-02-04 03:39 6815264 ----a-w- c:\windows\system\DriveIcon.dll
2011-10-19 16:52 . 2011-10-19 20:16 -------- d-----w- c:\programdata\NVIDIA
2011-10-19 16:48 . 2008-07-12 14:31 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-10-19 16:48 . 2008-07-12 14:31 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-10-19 16:46 . 2011-10-19 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-10-19 16:45 . 2011-10-19 16:46 -------- d-----w- c:\program files\NetWaiting
2011-10-19 16:45 . 2011-10-19 19:43 -------- d-----w- c:\program files\CONEXANT
2011-10-19 16:43 . 2010-08-10 03:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-10-19 16:42 . 2008-01-10 19:30 442368 ----a-w- c:\windows\system32\nvusmb.exe
2011-10-19 16:41 . 2009-07-24 02:01 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-10-19 16:41 . 2011-10-19 19:31 -------- d-----w- C:\swsetup
2011-10-19 16:40 . 2011-10-21 01:13 -------- d-----w- c:\users\Brandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 22:07 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2011-10-19 17:10 1603072 ----a-w- c:\program files\Gamers Unite! Snag Bar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-10-19 1603072]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-10-19 1603072]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*certpackprov.exe"="c:\users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\certpackprov.exe" [2011-10-21 209920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
certpackprov.exe [2011-10-20 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-10 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 20:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-20 21:04:10
ComboFix-quarantined-files.txt 2011-10-21 02:04
.
Pre-Run: 117,763,383,296 bytes free
Post-Run: 118,632,329,216 bytes free
.
- - End Of File - - 435AFD9312B1FFEE19C054B0B43D92CF

21:06:01.0161 2996 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
21:06:01.0567 2996 ============================================================
21:06:01.0567 2996 Current date / time: 2011/10/20 21:06:01.0567
21:06:01.0567 2996 SystemInfo:
21:06:01.0567 2996
21:06:01.0567 2996 OS Version: 6.0.6002 ServicePack: 2.0
21:06:01.0567 2996 Product type: Workstation
21:06:01.0567 2996 ComputerName: BRANDY-PC
21:06:01.0567 2996 UserName: Brandy
21:06:01.0567 2996 Windows directory: C:\Windows
21:06:01.0567 2996 System windows directory: C:\Windows
21:06:01.0567 2996 Processor architecture: Intel x86
21:06:01.0567 2996 Number of processors: 2
21:06:01.0567 2996 Page size: 0x1000
21:06:01.0567 2996 Boot type: Normal boot
21:06:01.0567 2996 ============================================================
21:06:05.0685 2996 Initialize success
21:06:20.0911 4164 ============================================================
21:06:20.0911 4164 Scan started
21:06:20.0911 4164 Mode: Manual;
21:06:20.0911 4164 ============================================================
21:06:21.0488 4164 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:06:21.0503 4164 ACPI - ok
21:06:21.0550 4164 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:06:21.0566 4164 adp94xx - ok
21:06:21.0722 4164 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:06:21.0722 4164 adpahci - ok
21:06:21.0737 4164 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:06:21.0737 4164 adpu160m - ok
21:06:21.0815 4164 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:06:21.0815 4164 adpu320 - ok
21:06:21.0956 4164 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:06:21.0971 4164 AFD - ok
21:06:22.0096 4164 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:06:22.0096 4164 agp440 - ok
21:06:22.0143 4164 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:06:22.0143 4164 aic78xx - ok
21:06:22.0174 4164 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:06:22.0174 4164 aliide - ok
21:06:22.0237 4164 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:06:22.0237 4164 amdagp - ok
21:06:22.0252 4164 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:06:22.0252 4164 amdide - ok
21:06:22.0393 4164 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:06:22.0393 4164 AmdK7 - ok
21:06:22.0455 4164 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:06:22.0455 4164 AmdK8 - ok
21:06:22.0627 4164 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:06:22.0627 4164 arc - ok
21:06:22.0658 4164 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:06:22.0673 4164 arcsas - ok
21:06:22.0751 4164 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:22.0751 4164 AsyncMac - ok
21:06:22.0783 4164 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:06:22.0783 4164 atapi - ok
21:06:23.0001 4164 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
21:06:23.0017 4164 athr - ok
21:06:23.0173 4164 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:06:23.0173 4164 Beep - ok
21:06:23.0219 4164 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:06:23.0219 4164 blbdrive - ok
21:06:23.0251 4164 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:06:23.0251 4164 bowser - ok
21:06:23.0360 4164 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:06:23.0360 4164 BrFiltLo - ok
21:06:23.0375 4164 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:06:23.0375 4164 BrFiltUp - ok
21:06:23.0500 4164 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:06:23.0500 4164 Brserid - ok
21:06:23.0547 4164 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:06:23.0547 4164 BrSerWdm - ok
21:06:23.0578 4164 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:06:23.0578 4164 BrUsbMdm - ok
21:06:23.0641 4164 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:06:23.0656 4164 BrUsbSer - ok
21:06:23.0703 4164 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:06:23.0703 4164 BTHMODEM - ok
21:06:23.0750 4164 catchme - ok
21:06:23.0968 4164 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:23.0968 4164 cdfs - ok
21:06:23.0999 4164 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:06:23.0999 4164 cdrom - ok
21:06:24.0031 4164 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:06:24.0031 4164 circlass - ok
21:06:24.0077 4164 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:06:24.0077 4164 CLFS - ok
21:06:24.0233 4164 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:06:24.0249 4164 CmBatt - ok
21:06:24.0280 4164 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:06:24.0280 4164 cmdide - ok
21:06:24.0343 4164 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
21:06:24.0358 4164 CnxtHdAudService - ok
21:06:24.0389 4164 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:06:24.0389 4164 Compbatt - ok
21:06:24.0405 4164 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:06:24.0405 4164 crcdisk - ok
21:06:24.0436 4164 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:06:24.0436 4164 Crusoe - ok
21:06:24.0499 4164 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:06:24.0499 4164 DfsC - ok
21:06:24.0577 4164 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:06:24.0577 4164 disk - ok
21:06:24.0717 4164 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:06:24.0826 4164 drmkaud - ok
21:06:24.0951 4164 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:06:24.0982 4164 DXGKrnl - ok
21:06:25.0123 4164 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:06:25.0123 4164 E1G60 - ok
21:06:25.0154 4164 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:06:25.0154 4164 Ecache - ok
21:06:25.0294 4164 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:06:25.0294 4164 elxstor - ok
21:06:25.0325 4164 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
21:06:25.0325 4164 ErrDev - ok
21:06:25.0388 4164 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:06:25.0388 4164 exfat - ok
21:06:25.0419 4164 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:06:25.0419 4164 fastfat - ok
21:06:25.0544 4164 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:06:25.0544 4164 fdc - ok
21:06:25.0591 4164 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:06:25.0591 4164 FileInfo - ok
21:06:25.0622 4164 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:06:25.0622 4164 Filetrace - ok
21:06:25.0637 4164 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:06:25.0637 4164 flpydisk - ok
21:06:25.0669 4164 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:06:25.0684 4164 FltMgr - ok
21:06:25.0903 4164 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:06:25.0903 4164 Fs_Rec - ok
21:06:25.0965 4164 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:06:25.0965 4164 gagp30kx - ok
21:06:25.0996 4164 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:06:26.0012 4164 HdAudAddService - ok
21:06:26.0043 4164 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:06:26.0074 4164 HDAudBus - ok
21:06:26.0090 4164 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:06:26.0090 4164 HidBth - ok
21:06:26.0105 4164 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:06:26.0105 4164 HidIr - ok
21:06:26.0137 4164 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:06:26.0137 4164 HidUsb - ok
21:06:26.0168 4164 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys
21:06:26.0168 4164 HpCISSs - ok
21:06:26.0355 4164 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:06:26.0371 4164 HSF_DPV - ok
21:06:26.0480 4164 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:06:26.0480 4164 HSXHWAZL - ok
21:06:26.0527 4164 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:06:26.0542 4164 HTTP - ok
21:06:26.0651 4164 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:06:26.0651 4164 i2omp - ok
21:06:26.0745 4164 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:06:26.0776 4164 i8042prt - ok
21:06:26.0963 4164 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:06:26.0963 4164 iaStorV - ok
21:06:26.0995 4164 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:06:26.0995 4164 iirsp - ok
21:06:27.0135 4164 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:06:27.0135 4164 intelide - ok
21:06:27.0166 4164 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:06:27.0166 4164 intelppm - ok
21:06:27.0197 4164 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:27.0197 4164 IpFilterDriver - ok
21:06:27.0213 4164 IpInIp - ok
21:06:27.0244 4164 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\drivers\ipmidrv.sys
21:06:27.0244 4164 IPMIDRV - ok
21:06:27.0260 4164 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:06:27.0260 4164 IPNAT - ok
21:06:27.0275 4164 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:06:27.0291 4164 IRENUM - ok
21:06:27.0369 4164 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:06:27.0369 4164 isapnp - ok
21:06:27.0400 4164 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:06:27.0416 4164 iScsiPrt - ok
21:06:27.0478 4164 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:06:27.0478 4164 iteatapi - ok
21:06:27.0525 4164 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:06:27.0525 4164 iteraid - ok
21:06:27.0587 4164 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:06:27.0587 4164 kbdclass - ok
21:06:27.0681 4164 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:06:27.0681 4164 kbdhid - ok
21:06:27.0728 4164 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:06:27.0743 4164 KSecDD - ok
21:06:27.0931 4164 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:06:27.0946 4164 lltdio - ok
21:06:27.0993 4164 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:06:27.0993 4164 LSI_FC - ok
21:06:28.0009 4164 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:06:28.0009 4164 LSI_SAS - ok
21:06:28.0040 4164 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:06:28.0040 4164 LSI_SCSI - ok
21:06:28.0071 4164 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:06:28.0071 4164 luafv - ok
21:06:28.0118 4164 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
21:06:28.0118 4164 MBAMProtector - ok
21:06:28.0227 4164 MBAMSwissArmy - ok
21:06:28.0289 4164 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:06:28.0289 4164 mdmxsdk - ok
21:06:28.0321 4164 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:06:28.0321 4164 megasas - ok
21:06:28.0461 4164 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:06:28.0461 4164 MegaSR - ok
21:06:28.0492 4164 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:06:28.0508 4164 Modem - ok
21:06:28.0633 4164 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:06:28.0633 4164 monitor - ok
21:06:28.0664 4164 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:06:28.0679 4164 mouclass - ok
21:06:28.0695 4164 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:06:28.0711 4164 mouhid - ok
21:06:28.0726 4164 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:06:28.0726 4164 MountMgr - ok
21:06:28.0960 4164 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:06:28.0991 4164 MpFilter - ok
21:06:29.0179 4164 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys
21:06:29.0179 4164 mpio - ok
21:06:29.0225 4164 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:06:29.0241 4164 MpNWMon - ok
21:06:29.0288 4164 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:06:29.0288 4164 mpsdrv - ok
21:06:29.0319 4164 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:06:29.0319 4164 Mraid35x - ok
21:06:29.0350 4164 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:06:29.0366 4164 MRxDAV - ok
21:06:29.0397 4164 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:29.0397 4164 mrxsmb - ok
21:06:29.0413 4164 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:29.0428 4164 mrxsmb10 - ok
21:06:29.0444 4164 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:29.0444 4164 mrxsmb20 - ok
21:06:29.0475 4164 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
21:06:29.0475 4164 msahci - ok
21:06:29.0506 4164 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys
21:06:29.0506 4164 msdsm - ok
21:06:29.0537 4164 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:06:29.0537 4164 Msfs - ok
21:06:29.0569 4164 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:06:29.0569 4164 msisadrv - ok
21:06:29.0615 4164 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:06:29.0615 4164 MSKSSRV - ok
21:06:29.0631 4164 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:29.0647 4164 MSPCLOCK - ok
21:06:29.0662 4164 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:06:29.0662 4164 MSPQM - ok
21:06:29.0709 4164 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:06:29.0709 4164 MsRPC - ok
21:06:29.0756 4164 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:06:29.0756 4164 mssmbios - ok
21:06:29.0787 4164 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:06:29.0803 4164 MSTEE - ok
21:06:29.0834 4164 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:06:29.0834 4164 Mup - ok
21:06:29.0943 4164 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:06:29.0943 4164 NativeWifiP - ok
21:06:30.0083 4164 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:06:30.0083 4164 NDIS - ok
21:06:30.0224 4164 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:30.0224 4164 NdisTapi - ok
21:06:30.0255 4164 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:30.0255 4164 Ndisuio - ok
21:06:30.0286 4164 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:30.0286 4164 NdisWan - ok
21:06:30.0317 4164 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:06:30.0333 4164 NDProxy - ok
21:06:30.0364 4164 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:06:30.0364 4164 NetBIOS - ok
21:06:30.0473 4164 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:06:30.0473 4164 netbt - ok
21:06:30.0583 4164 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:06:30.0583 4164 nfrd960 - ok
21:06:30.0645 4164 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:06:30.0645 4164 NisDrv - ok
21:06:30.0801 4164 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:06:30.0848 4164 Npfs - ok
21:06:31.0004 4164 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:06:31.0004 4164 nsiproxy - ok
21:06:31.0066 4164 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:06:31.0097 4164 Ntfs - ok
21:06:31.0129 4164 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:06:31.0129 4164 ntrigdigi - ok
21:06:31.0160 4164 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:06:31.0160 4164 Null - ok
21:06:31.0207 4164 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:06:31.0207 4164 NVENETFD - ok
21:06:31.0316 4164 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
21:06:31.0316 4164 NVHDA - ok
21:06:31.0581 4164 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:06:31.0659 4164 nvlddmkm - ok
21:06:31.0690 4164 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:06:31.0690 4164 NVNET - ok
21:06:31.0737 4164 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:06:31.0737 4164 nvraid - ok
21:06:31.0862 4164 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
21:06:31.0877 4164 nvsmu - ok
21:06:31.0955 4164 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:06:31.0955 4164 nvstor - ok
21:06:32.0080 4164 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:06:32.0080 4164 nv_agp - ok
21:06:32.0096 4164 NwlnkFlt - ok
21:06:32.0111 4164 NwlnkFwd - ok
21:06:32.0221 4164 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:06:32.0221 4164 ohci1394 - ok
21:06:32.0267 4164 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:06:32.0267 4164 Parport - ok
21:06:32.0392 4164 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:06:32.0392 4164 partmgr - ok
21:06:32.0423 4164 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:06:32.0423 4164 Parvdm - ok
21:06:32.0455 4164 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:06:32.0455 4164 pci - ok
21:06:32.0517 4164 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:06:32.0517 4164 pciide - ok
21:06:32.0579 4164 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:06:32.0579 4164 pcmcia - ok
21:06:32.0704 4164 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:06:32.0735 4164 PEAUTH - ok
21:06:32.0969 4164 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:06:32.0985 4164 PptpMiniport - ok
21:06:33.0016 4164 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
21:06:33.0016 4164 Processor - ok
21:06:33.0079 4164 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:06:33.0079 4164 PSched - ok
21:06:33.0157 4164 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:06:33.0172 4164 ql2300 - ok
21:06:33.0188 4164 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:06:33.0188 4164 ql40xx - ok
21:06:33.0219 4164 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:06:33.0219 4164 QWAVEdrv - ok
21:06:33.0250 4164 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:06:33.0250 4164 RasAcd - ok
21:06:33.0281 4164 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:06:33.0281 4164 Rasl2tp - ok
21:06:33.0313 4164 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:06:33.0328 4164 RasPppoe - ok
21:06:33.0344 4164 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:06:33.0344 4164 RasSstp - ok
21:06:33.0375 4164 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:06:33.0391 4164 rdbss - ok
21:06:33.0406 4164 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:06:33.0406 4164 RDPCDD - ok
21:06:33.0437 4164 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\drivers\rdpdr.sys
21:06:33.0453 4164 rdpdr - ok
21:06:33.0469 4164 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:06:33.0469 4164 RDPENCDD - ok
21:06:33.0500 4164 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:06:33.0500 4164 RDPWD - ok
21:06:33.0703 4164 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:06:33.0703 4164 rspndr - ok
21:06:33.0765 4164 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
21:06:33.0765 4164 RTSTOR - ok
21:06:33.0812 4164 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:06:33.0812 4164 sbp2port - ok
21:06:34.0015 4164 SCDEmu (9feb2026a460916d1a1198b460632630) C:\Windows\system32\drivers\SCDEmu.sys
21:06:34.0015 4164 SCDEmu - ok
21:06:34.0061 4164 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:06:34.0061 4164 secdrv - ok
21:06:34.0093 4164 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:06:34.0108 4164 Serenum - ok
21:06:34.0124 4164 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:06:34.0124 4164 Serial - ok
21:06:34.0139 4164 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:06:34.0139 4164 sermouse - ok
21:06:34.0171 4164 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:06:34.0171 4164 sffdisk - ok
21:06:34.0186 4164 sffp_mmc (e5eafe85815bd89095fef3144a09ab68) C:\Windows\system32\drivers\sffp_mmc.sys
21:06:34.0186 4164 sffp_mmc - ok
21:06:34.0202 4164 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\drivers\sffp_sd.sys
21:06:34.0217 4164 sffp_sd - ok
21:06:34.0233 4164 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:06:34.0233 4164 sfloppy - ok
21:06:34.0249 4164 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:06:34.0249 4164 sisagp - ok
21:06:34.0280 4164 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:06:34.0280 4164 SiSRaid2 - ok
21:06:34.0327 4164 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:06:34.0327 4164 SiSRaid4 - ok
21:06:34.0358 4164 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:06:34.0358 4164 Smb - ok
21:06:34.0389 4164 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:06:34.0389 4164 spldr - ok
21:06:34.0420 4164 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:06:34.0436 4164 srv - ok
21:06:34.0467 4164 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:06:34.0498 4164 srv2 - ok
21:06:34.0529 4164 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:06:34.0529 4164 srvnet - ok
21:06:34.0561 4164 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:06:34.0561 4164 swenum - ok
21:06:34.0607 4164 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:06:34.0607 4164 Symc8xx - ok
21:06:34.0623 4164 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:06:34.0623 4164 Sym_hi - ok
21:06:34.0639 4164 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:06:34.0639 4164 Sym_u3 - ok
21:06:34.0685 4164 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
21:06:34.0701 4164 SynTP - ok
21:06:34.0779 4164 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
21:06:34.0795 4164 Tcpip - ok
21:06:34.0841 4164 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
21:06:34.0857 4164 Tcpip6 - ok
21:06:34.0888 4164 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:06:34.0904 4164 tcpipreg - ok
21:06:34.0919 4164 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:06:34.0935 4164 TDPIPE - ok
21:06:34.0951 4164 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:06:34.0951 4164 TDTCP - ok
21:06:34.0997 4164 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:06:34.0997 4164 tdx - ok
21:06:35.0029 4164 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:06:35.0029 4164 TermDD - ok
21:06:35.0091 4164 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:06:35.0091 4164 tssecsrv - ok
21:06:35.0122 4164 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:06:35.0122 4164 tunmp - ok
21:06:35.0138 4164 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
21:06:35.0138 4164 tunnel - ok
21:06:35.0169 4164 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:06:35.0169 4164 uagp35 - ok
21:06:35.0185 4164 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:06:35.0200 4164 udfs - ok
21:06:35.0231 4164 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:06:35.0231 4164 uliagpkx - ok
21:06:35.0263 4164 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:06:35.0278 4164 uliahci - ok
21:06:35.0294 4164 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:06:35.0294 4164 UlSata - ok
21:06:35.0309 4164 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:06:35.0309 4164 ulsata2 - ok
21:06:35.0341 4164 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:06:35.0341 4164 umbus - ok
21:06:35.0372 4164 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:06:35.0372 4164 usbccgp - ok
21:06:35.0387 4164 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:06:35.0387 4164 usbcir - ok
21:06:35.0434 4164 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:06:35.0434 4164 usbehci - ok
21:06:35.0450 4164 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:06:35.0465 4164 usbhub - ok
21:06:35.0497 4164 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:06:35.0497 4164 usbohci - ok
21:06:35.0528 4164 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:06:35.0528 4164 usbprint - ok
21:06:35.0559 4164 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:06:35.0559 4164 USBSTOR - ok
21:06:35.0590 4164 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:06:35.0590 4164 usbuhci - ok
21:06:35.0621 4164 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:06:35.0621 4164 vga - ok
21:06:35.0653 4164 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:06:35.0668 4164 VgaSave - ok
21:06:35.0668 4164 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:06:35.0684 4164 viaagp - ok
21:06:35.0699 4164 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:06:35.0699 4164 ViaC7 - ok
21:06:35.0715 4164 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:06:35.0715 4164 viaide - ok
21:06:35.0731 4164 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:06:35.0746 4164 volmgr - ok
21:06:35.0762 4164 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:06:35.0777 4164 volmgrx - ok
21:06:35.0793 4164 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:06:35.0809 4164 volsnap - ok
21:06:35.0840 4164 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:06:35.0840 4164 vsmraid - ok
21:06:35.0871 4164 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:06:35.0871 4164 WacomPen - ok
21:06:35.0902 4164 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:06:35.0902 4164 Wanarp - ok
21:06:35.0918 4164 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:06:35.0918 4164 Wanarpv6 - ok
21:06:36.0011 4164 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:06:36.0011 4164 Wd - ok
21:06:36.0058 4164 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:06:36.0074 4164 Wdf01000 - ok
21:06:36.0261 4164 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:06:36.0261 4164 winachsf - ok
21:06:36.0370 4164 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:06:36.0370 4164 WmiAcpi - ok
21:06:36.0433 4164 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:06:36.0448 4164 ws2ifsl - ok
21:06:36.0573 4164 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:06:36.0573 4164 WUDFRd - ok
21:06:36.0604 4164 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:06:36.0604 4164 XAudio - ok
21:06:36.0651 4164 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:06:36.0651 4164 \Device\Harddisk0\DR0 - ok
21:06:39.0490 4164 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
21:06:39.0506 4164 \Device\Harddisk1\DR1 - ok
21:06:39.0521 4164 Boot (0x1200) (39f50bd196940c646f2a315165b7106b) \Device\Harddisk0\DR0\Partition0
21:06:39.0521 4164 \Device\Harddisk0\DR0\Partition0 - ok
21:06:39.0568 4164 Boot (0x1200) (a85c7af61a6639136fe31c9d48f0ece0) \Device\Harddisk0\DR0\Partition1
21:06:39.0568 4164 \Device\Harddisk0\DR0\Partition1 - ok
21:06:39.0568 4164 Boot (0x1200) (72d8411b871bd94f8d95f9b204970cbc) \Device\Harddisk1\DR1\Partition0
21:06:39.0568 4164 \Device\Harddisk1\DR1\Partition0 - ok
21:06:39.0584 4164 ============================================================
21:06:39.0584 4164 Scan finished
21:06:39.0584 4164 ============================================================
21:06:39.0599 4000 Detected object count: 0
21:06:39.0599 4000 Actual detected object count: 0
21:07:26.0961 7924 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-20 21:08:28
-----------------------------
21:08:28.184 OS Version: Windows 6.0.6002 Service Pack 2
21:08:28.184 Number of processors: 2 586 0x301
21:08:28.184 ComputerName: BRANDY-PC UserName: Brandy
21:08:29.276 Initialize success
21:09:04.411 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
21:09:04.427 Disk 0 Vendor: ST9160310AS HP07 Size: 152627MB BusType: 3
21:09:06.439 Disk 0 MBR read successfully
21:09:06.455 Disk 0 MBR scan
21:09:06.455 Disk 0 Windows VISTA default MBR code
21:09:06.486 Disk 0 scanning sectors +312573952
21:09:06.611 Disk 0 scanning C:\Windows\system32\drivers
21:09:12.165 Service scanning
21:09:12.835 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:09:13.491 Modules scanning
21:09:25.737 Scan finished successfully
21:10:44.245 Disk 0 MBR has been saved successfully to "C:\Users\Brandy\Desktop\MBR.dat"
21:10:44.245 The log file has been saved successfully to "C:\Users\Brandy\Desktop\aswMBR.txt"

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/10/2011 9:37:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2011 2:17:04 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2011 2:15:35 AM
Type: Warning Category: 0
Event: 19 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error occurred. Error Source: Corrected Machine Check Error Type: Bus/Interconnect Error Processor ID Valid: Yes Processor ID: 0x1 Bank Number: 4 Transaction Type: N/A Processor Participation: Local node observed the request as 3rd party Request Type: Generic Error Memory/Io: Generic Memory Hierarchy Level: Generic Timeout: No

Log: 'System' Date/Time: 21/10/2011 2:14:27 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#4
RKinner

Posted 20 October 2011 - 09:19 PM

Malware Expert

Expert
24,625 posts

The logs look good now. Any sign of Zentom now?

This error:

Log: 'System' Date/Time: 21/10/2011 2:15:35 AM
Type: Warning Category: 0
Event: 19 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error occurred. Error Source: Corrected Machine Check Error Type: Bus/Interconnect Error Processor ID Valid: Yes Processor ID: 0x1 Bank Number: 4 Transaction Type: N/A Processor Participation: Local node observed the request as 3rd party Request Type: Generic Error Memory/Io: Generic Memory Hierarchy Level: Generic Timeout: No

Says there was a memory error. You may need to change out the RAM in bank 1 if you continue to get these errors.

Ron

#5
Brandy Finley

Posted 20 October 2011 - 10:01 PM

Member

Topic Starter
Member
11 posts

So far no signs of it although after I ran OTL that program disappeared off the desktop just the txt file for it is there. And 2 .ini files are kinda shadowed out on my desktop both named desktop.ini. Any idea what these are for and why they are there? I am also getting Data Execution Prevention pop ups. Is this due the RAM in bank 1?

Edited by Brandy Finley, 20 October 2011 - 10:41 PM.

#6
RKinner

Posted 20 October 2011 - 11:28 PM

Malware Expert

Expert
24,625 posts

Desktop.ini is a hidden system file. OTL lets you see them. To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

What exactly do the Data Execution Prevention pop ups say and when do they show up? There should be a record in the event log so run Vino's Event Viewer again and post the logs.

We can run another scan to make sure you are clean:
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Ron

#7
RKinner

Posted 21 October 2011 - 12:56 AM

Malware Expert

Expert
24,625 posts

I think I missed one.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\certpackprov.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*certpackprov.exe"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron

#8
Brandy Finley

Posted 21 October 2011 - 08:12 AM

Member

Topic Starter
Member
11 posts

It says Microsoft Search Protocol has closed.There is nothing specific that I do it just pops up ramdomly.
When I try to use that online scanner it asks me to install it then I get another window that says : to dispaly this webpage again the web browser needs to resend the information you previously submitted.
Here is the first log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 21/10/2011 9:08:11 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 21/10/2011 2:06:30 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:05:36 AM on 10/21/2011 was unexpected.

Log: 'System' Date/Time: 21/10/2011 1:58:03 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/10/2011 1:58:00 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/10/2011 1:58:00 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/10/2011 1:58:00 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/10/2011 1:57:59 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/10/2011 1:57:57 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/10/2011 1:57:56 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/10/2011 1:57:56 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/10/2011 1:57:31 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 21/10/2011 1:55:31 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The XAudioService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/10/2011 2:51:02 AM
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Log: 'System' Date/Time: 21/10/2011 2:50:55 AM
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Log: 'System' Date/Time: 21/10/2011 2:17:04 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Information service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Search service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Search service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Diagnostic System Host service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Internet Connection Sharing (ICS) service entered the stopped state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Image Acquisition (WIA) service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Time service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The IP Helper service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The IPsec Policy Agent service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The UPnP Device Host service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Network List Service service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The XAudioService service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Function Discovery Resource Publication service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery service entered the running state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the stopped state.

Log: 'System' Date/Time: 21/10/2011 2:08:05 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Portable Device Enumerator Service service entered the running state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2011 1:57:59 PM
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'SPOOLER' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 21/10/2011 1:57:59 PM
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'SPOOLER' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 21/10/2011 3:05:11 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 21/10/2011 3:05:11 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 21/10/2011 2:15:35 AM
Type: Warning Category: 0
Event: 19 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error occurred. Error Source: Corrected Machine Check Error Type: Bus/Interconnect Error Processor ID Valid: Yes Processor ID: 0x1 Bank Number: 4 Transaction Type: N/A Processor Participation: Local node observed the request as 3rd party Request Type: Generic Error Memory/Io: Generic Memory Hierarchy Level: Generic Timeout: No

Log: 'System' Date/Time: 21/10/2011 2:14:27 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Edited by Brandy Finley, 21 October 2011 - 08:15 AM.

#9
RKinner

Posted 21 October 2011 - 09:00 AM

Malware Expert

Expert
24,625 posts

Please run the cfscript with Combofix per my last post and copy and paste the log.

This error:

Log: 'System' Date/Time: 21/10/2011 3:05:11 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Usually means it is overheating. Is this a desktop or a laptop? Try speedfan

http://www.almico.com/sfdownload.php Click on Speedfan 4.44

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents). If it's like my daughter's Dell laptop which I worked on this week it uses a heat pipe to transmit heat from the CPU to the heatsink. I don't think it works all that well. Propping it up in the back let's the heat rise to the heatsink which should make it cool a bit better.

I think we should just turn off Windows Search. It's not something you really need and it tends to be a resource hog.

(Start) right click on Computer and select Manage then Services and Applications then Services. In the right pane find Windows Search, right click on it and select Properties then change the Startup Type: to Disabled and Apply. Stop the services if it is running.

I am getting indications from some of my fellow helpers that this infection is a bit more complicated than I first assumed. Please run OTL again, Quickscan and post the logs.

Ron

#10
Brandy Finley

Posted 21 October 2011 - 01:28 PM

Member

Topic Starter
Member
11 posts

Ok I copied & pasted the CFSript like you asked me to. It got to stage 50 completed then I started seeing a DEP popping up again concerning grep.3EX being stopped and CF stopped responding. I will try CF again and post results. Tried running CF again and it got to stage 50 and oncve again I got the thing about grep.3ex being stopped.

Here is the OTL log:

OTL logfile created on: 21/10/2011 3:09:02 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 66.00% Memory free
3.74 Gb Paging File | 3.03 Gb Available in Paging File | 81.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 106.19 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.37 Gb Free Space | 13.23% Space Free | Partition Type: NTFS

Computer Name: BRANDY-PC | User Name: Brandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 14:47:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/14 17:33:54 | 000,580,608 | ---- | M] () -- C:\Program Files\1 Click & Lock\1cla.exe
PRC - [2009/04/11 08:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/05/14 17:33:54 | 000,580,608 | ---- | M] () -- C:\Program Files\1 Click & Lock\1cla.exe
MOD - [2010/05/14 17:33:20 | 000,015,872 | ---- | M] () -- C:\Program Files\1 Click & Lock\kmhk.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/10/21 14:35:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{748C964D-A51C-4BDF-A622-B45943D36201}\MpKslfc837594.sys -- (MpKslfc837594)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 10:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

[2011/10/19 13:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Extensions
[2011/10/19 13:33:05 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2011/10/19 13:33:02 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2011/10/19 13:33:00 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2011/10/19 13:33:10 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
[2011/10/19 13:33:09 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{F18CE681-59C6-4A25-8ECB-E3E0FD7FBB44}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/10/20 20:58:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O4 - HKLM..\Run: [1cla.exe] c:\Program Files\1 Click & Lock\1cla.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\RunOnce: [*pagehostpack.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pagehostpack.exe (©mySYStems)
F3 - HKCU WinNT: Load - (C:\PROGRA~1\1CLICK~1\1cla.exe) -C:\Program Files\1 Click & Lock\1cla.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873A920F-CD95-434F-B1E4-B75EA9A9CD62}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 15:05:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/21 15:05:01 | 000,209,920 | ---- | C] (©mySYStems) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pagehostpack.exe
[2011/10/21 14:47:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/21 14:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/21 14:31:21 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/10/21 14:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/10/21 14:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/10/21 09:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{ABB669D8-0092-47CA-B7A4-92C8F687EB19}
[2011/10/21 09:08:31 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{793861FF-E0D4-49CB-A18E-5F9EDD4F2923}
[2011/10/21 00:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\1 Click & Lock
[2011/10/21 00:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1 Click & Lock
[2011/10/21 00:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\1 Click & Lock
[2011/10/20 21:04:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/20 21:04:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/20 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\temp
[2011/10/20 20:45:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/20 20:45:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/20 20:45:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/20 20:45:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/20 20:45:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Malwarebytes
[2011/10/20 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/20 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/20 20:28:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/20 20:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 20:26:05 | 000,061,440 | ---- | C] ( ) -- C:\Users\Brandy\Desktop\VEW.exe
[2011/10/20 20:23:44 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brandy\Desktop\aswMBR.exe
[2011/10/20 20:23:26 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brandy\Desktop\tdsskiller.exe
[2011/10/20 20:20:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brandy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 20:18:56 | 004,269,231 | R--- | C] (Swearware) -- C:\Users\Brandy\Desktop\ComboFix.exe
[2011/10/20 20:13:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/20 17:16:14 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\My Received Files
[2011/10/20 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{71B1E47F-9589-4606-B148-E6D70D7707C7}
[2011/10/20 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{A5126343-8D6D-4DE2-A502-39DB79D2B83A}
[2011/10/20 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Tracing
[2011/10/20 17:08:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/20 17:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/10/20 17:04:07 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Windows Live
[2011/10/20 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/20 14:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2011/10/20 14:13:12 | 004,646,210 | ---- | C] (XK72 Ltd) -- C:\Users\Brandy\Desktop\charles_setup_3.51.exe
[2011/10/20 14:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/20 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/19 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarmVilleBot
[2011/10/19 18:55:46 | 000,000,000 | ---D | C] -- C:\FarmVilleBot_2.1
[2011/10/19 18:55:25 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\WinRAR
[2011/10/19 18:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 18:55:24 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/19 16:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/19 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/10/19 15:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/10/19 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/10/19 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/10/19 14:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/10/19 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/19 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Yahoo!
[2011/10/19 14:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/19 14:32:38 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/10/19 14:32:38 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/10/19 14:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/10/19 14:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/10/19 14:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/10/19 14:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/10/19 14:29:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/10/19 14:28:58 | 000,000,000 | ---D | C] -- C:\Boot
[2011/10/19 14:23:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/19 14:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/10/19 14:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/10/19 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/10/19 13:44:33 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Mozilla
[2011/10/19 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\CometNetwork
[2011/10/19 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\CometNetwork
[2011/10/19 13:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011/10/19 13:34:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/19 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\CometBird
[2011/10/19 12:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/19 12:30:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/19 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Macromedia
[2011/10/19 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Adobe
[2011/10/19 12:22:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/10/19 12:10:26 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers Unite! Snag Bar
[2011/10/19 12:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gamers Unite! Snag Bar
[2011/10/19 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/19 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2011/10/19 11:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/10/19 11:54:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/10/19 11:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/19 11:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2011/10/19 11:46:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/10/19 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\BVRP Software
[2011/10/19 11:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2011/10/19 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\InstallShield
[2011/10/19 11:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/10/19 11:41:23 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Searches
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/19 11:40:22 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Identities
[2011/10/19 11:40:20 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Contacts
[2011/10/19 11:40:19 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\VirtualStore
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\Temporary Internet Files
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Templates
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Start Menu
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\SendTo
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Recent
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\PrintHood
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\NetHood
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Videos
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Pictures
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Music
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\My Documents
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Local Settings
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\History
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Cookies
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Application Data
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\Application Data
[2011/10/19 11:40:13 | 000,000,000 | --SD | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Videos
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Saved Games
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Pictures
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Music
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Links
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Favorites
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Downloads
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Documents
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Desktop
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/19 11:40:13 | 000,000,000 | -H-D | C] -- C:\Users\Brandy\AppData
[2011/10/19 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2011/10/21 15:04:39 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/21 15:04:34 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/21 14:59:39 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 14:59:38 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 14:59:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/21 14:59:22 | 1877,319,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 14:49:40 | 004,269,231 | R--- | M] (Swearware) -- C:\Users\Brandy\Desktop\ComboFix.exe
[2011/10/21 14:47:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/21 14:31:21 | 000,000,804 | ---- | M] () -- C:\Users\Brandy\Desktop\SpeedFan.lnk
[2011/10/21 14:31:13 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/10/21 14:30:32 | 000,000,000 | ---- | M] () -- C:\Users\Brandy\Desktop\initdebug.nfo
[2011/10/21 00:30:17 | 000,000,000 | ---- | M] () -- C:\Windows\1 Click & Lock.dat
[2011/10/21 00:30:15 | 000,000,815 | ---- | M] () -- C:\Users\Brandy\Desktop\1 Click & Lock.lnk
[2011/10/20 21:10:44 | 000,000,512 | ---- | M] () -- C:\Users\Brandy\Desktop\MBR.dat
[2011/10/20 20:58:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/20 20:28:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 20:26:07 | 000,061,440 | ---- | M] ( ) -- C:\Users\Brandy\Desktop\VEW.exe
[2011/10/20 20:23:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brandy\Desktop\aswMBR.exe
[2011/10/20 20:23:35 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brandy\Desktop\tdsskiller.exe
[2011/10/20 20:20:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brandy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 17:34:14 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 13:12:33 | 000,000,577 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CityVilleBot.lnk
[2011/10/20 12:54:45 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/20 12:54:45 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/19 18:59:10 | 000,000,685 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/10/19 18:59:10 | 000,000,660 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/10/19 16:18:25 | 000,000,943 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 15:32:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/19 15:32:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/19 15:32:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/19 15:30:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/19 14:45:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/10/19 14:41:39 | 000,000,966 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/19 14:29:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/19 14:19:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/19 13:35:25 | 000,048,744 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/10/19 13:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/10/19 13:33:40 | 000,000,840 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
[2011/10/19 12:57:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/19 11:57:06 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2011/10/19 11:40:39 | 000,000,680 | ---- | M] () -- C:\Users\Brandy\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/21 14:31:21 | 000,000,804 | ---- | C] () -- C:\Users\Brandy\Desktop\SpeedFan.lnk
[2011/10/21 14:30:32 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/10/21 14:30:31 | 000,000,000 | ---- | C] () -- C:\Users\Brandy\Desktop\initdebug.nfo
[2011/10/21 13:59:22 | 1877,319,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/21 00:30:17 | 000,000,000 | ---- | C] () -- C:\Windows\1 Click & Lock.dat
[2011/10/21 00:30:15 | 000,000,815 | ---- | C] () -- C:\Users\Brandy\Desktop\1 Click & Lock.lnk
[2011/10/21 00:30:14 | 000,047,104 | ---- | C] () -- C:\Windows\1 Click & Lock.scr
[2011/10/20 21:10:44 | 000,000,512 | ---- | C] () -- C:\Users\Brandy\Desktop\MBR.dat
[2011/10/20 20:45:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/20 20:45:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/20 20:45:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/20 20:45:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/20 20:45:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/20 20:28:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 13:12:33 | 000,000,577 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CityVilleBot.lnk
[2011/10/19 18:59:10 | 000,000,685 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/10/19 18:59:10 | 000,000,660 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/10/19 15:32:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/19 15:30:56 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/19 14:45:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/10/19 14:41:39 | 000,000,966 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/19 14:32:38 | 000,010,844 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/10/19 14:32:38 | 000,006,483 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/10/19 14:29:00 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/10/19 14:28:59 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/10/19 14:23:20 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/19 14:19:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/19 13:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/10/19 13:33:40 | 000,000,840 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
[2011/10/19 12:57:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/19 12:54:29 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/19 12:39:38 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/19 12:28:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/19 12:28:17 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/19 12:28:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/19 12:03:49 | 000,000,943 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 11:55:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/10/19 11:53:24 | 006,815,264 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2011/10/19 11:43:14 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/10/19 11:42:01 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2011/10/19 11:40:33 | 000,000,949 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/19 11:40:30 | 000,000,944 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/19 11:40:20 | 000,000,915 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/10/19 11:40:15 | 000,000,680 | ---- | C] () -- C:\Users\Brandy\AppData\Local\d3d9caps.dat
[2011/10/19 11:40:13 | 000,000,258 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/19 11:40:13 | 000,000,240 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/04/11 08:18:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 08:18:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 08:18:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,230,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/10/19 13:41:43 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\CometNetwork
[2011/10/21 14:21:48 | 000,011,086 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Edited by Brandy Finley, 21 October 2011 - 02:32 PM.

#11
RKinner

Posted 21 October 2011 - 03:54 PM

Malware Expert

Expert
24,625 posts

I think I killed off your OTL so please download a new copy and save it to your desktop.

Boot into Safe Mode with Networking (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:files
c:\users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
c:\users\Brandy\AppData\840D0BD32EA1B2DD25565628CF5218BF
c:\Users\Brandy\AppData\Local\Temp\err.*
c:\Users\Brandy\Desktop\zentom system guard.lnk 
c:\Users\Brandy\AppData\Roaming\microsoft\internet explorer\quick launch\zentom system guard.lnk 
c:\Users\Brandy\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard
C:\Users\Brandy\*.exe
C:\Users\Brandy\AppData\Roaming\7601EDE860C62B483F6A38F30E6CEE14
dir C:\Users\Brandy\AppData\Roaming /c
dir C:\Users\Brandy\AppData\ /c

:reg
[-HKEY_CURRENT_USER\SOFTWARE\ZENTOM SYSTEM GUARD INC]
[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZENTOM SYSTEM GUARD]
[-HKEY_CURRENT_USER\SESSIONINFORMATION]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE]
[HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE]
    
:Commands
[EMPTYJAVA]
[Reboot]

#12
Brandy Finley

Posted 21 October 2011 - 04:00 PM

Member

Topic Starter
Member
11 posts

Microsoft Security Essentials had detected this:

Rogue:Win32/FakeYak
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Users\Brandy\AppData\Roaming\adslcorequeue.exe
regkey:HKCU@S-1-5-21-3953156620-2809841672-2365079472-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\*adslcorequeue.exe
runonce:HKCU@S-1-5-21-3953156620-2809841672-2365079472-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\*adslcorequeue.exe
Items:
file:C:\Users\Brandy\catprovacl.exe
regkey:HKCU@S-1-5-21-3953156620-2809841672-2365079472-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\*catprovacl.exe
runonce:HKCU@S-1-5-21-3953156620-2809841672-2365079472-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\*catprovacl.exe
Items:
file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pagehostpack.exe
Items:
file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pagehostpack.exe
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\*pagehostpack.exe
runonce:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\*pagehostpack.exe
Items:
file:C:\Users\Brandy\AppData\Roaming\adslcorequeue.exe
file:C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\actionproxyobj.exe

http://www.microsoft...atid=2147632663 this is what Microsoft has to say about this infection.

#13
RKinner

Posted 21 October 2011 - 04:04 PM

Malware Expert

Expert
24,625 posts

Looks like MSSE is aware of the infection. I wonder if it got it all? Reboot and then run OTL again (quickscan) and paste the log.

#14
Brandy Finley

Posted 21 October 2011 - 04:26 PM

Member

Topic Starter
Member
11 posts

OTL logfile created on: 21/10/2011 5:20:34 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brandy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 67.36% Memory free
3.74 Gb Paging File | 3.23 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.71 Gb Total Space | 105.99 Gb Free Space | 76.41% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.47 Gb Free Space | 14.18% Space Free | Partition Type: NTFS

Computer Name: BRANDY-PC | User Name: Brandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 14:47:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/14 17:33:54 | 000,580,608 | ---- | M] () -- C:\Program Files\1 Click & Lock\1cla.exe
PRC - [2009/04/11 08:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/05/14 17:33:54 | 000,580,608 | ---- | M] () -- C:\Program Files\1 Click & Lock\1cla.exe
MOD - [2010/05/14 17:33:20 | 000,015,872 | ---- | M] () -- C:\Program Files\1 Click & Lock\kmhk.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/10/21 17:19:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18FA756F-2B44-4828-B4E6-F49163D77212}\MpKslc7849464.sys -- (MpKslc7849464)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/15 03:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 10:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

[2011/10/19 13:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandy\AppData\Roaming\Mozilla\Extensions
[2011/10/19 13:33:05 | 000,000,000 | ---D | M] (Browser UI Enhancement) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
[2011/10/19 13:33:02 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2011/10/19 13:33:00 | 000,000,000 | ---D | M] (Software Update Checker) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
[2011/10/19 13:33:10 | 000,000,000 | ---D | M] (CometMarks Bookmark Synchronizer) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
[2011/10/19 13:33:09 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\{F18CE681-59C6-4A25-8ECB-E3E0FD7FBB44}.XPI
() (No name found) -- C:\USERS\BRANDY\APPDATA\ROAMING\COMETNETWORK\COMETBIRD\PROFILES\8ADQ4P59.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/10/20 20:58:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll ()
O4 - HKLM..\Run: [1cla.exe] c:\Program Files\1 Click & Lock\1cla.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
F3 - HKCU WinNT: Load - (C:\PROGRA~1\1CLICK~1\1cla.exe) -C:\Program Files\1 Click & Lock\1cla.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873A920F-CD95-434F-B1E4-B75EA9A9CD62}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 15:14:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/21 14:47:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/21 14:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/21 14:31:21 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/10/21 14:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/10/21 14:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/10/21 09:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{ABB669D8-0092-47CA-B7A4-92C8F687EB19}
[2011/10/21 09:08:31 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{793861FF-E0D4-49CB-A18E-5F9EDD4F2923}
[2011/10/21 00:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\1 Click & Lock
[2011/10/21 00:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1 Click & Lock
[2011/10/21 00:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\1 Click & Lock
[2011/10/20 21:04:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/20 21:04:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/20 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\temp
[2011/10/20 20:45:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/20 20:45:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/20 20:45:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/20 20:45:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/20 20:45:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Malwarebytes
[2011/10/20 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/20 20:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/20 20:28:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/20 20:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 20:26:05 | 000,061,440 | ---- | C] ( ) -- C:\Users\Brandy\Desktop\VEW.exe
[2011/10/20 20:23:44 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brandy\Desktop\aswMBR.exe
[2011/10/20 20:23:26 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brandy\Desktop\tdsskiller.exe
[2011/10/20 20:20:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brandy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 20:18:56 | 004,269,231 | R--- | C] (Swearware) -- C:\Users\Brandy\Desktop\ComboFix.exe
[2011/10/20 20:13:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/20 17:16:14 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Documents\My Received Files
[2011/10/20 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{71B1E47F-9589-4606-B148-E6D70D7707C7}
[2011/10/20 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\{A5126343-8D6D-4DE2-A502-39DB79D2B83A}
[2011/10/20 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Brandy\Tracing
[2011/10/20 17:08:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/20 17:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/10/20 17:04:07 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Windows Live
[2011/10/20 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/20 14:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2011/10/20 14:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/20 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/19 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarmVilleBot
[2011/10/19 18:55:46 | 000,000,000 | ---D | C] -- C:\FarmVilleBot_2.1
[2011/10/19 18:55:25 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\WinRAR
[2011/10/19 18:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 18:55:24 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/19 16:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/19 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/10/19 15:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/10/19 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/10/19 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/10/19 14:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/10/19 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/19 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Yahoo!
[2011/10/19 14:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/19 14:32:38 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/10/19 14:32:38 | 000,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/10/19 14:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/10/19 14:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/10/19 14:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/10/19 14:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/10/19 14:29:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/10/19 14:28:58 | 000,000,000 | ---D | C] -- C:\Boot
[2011/10/19 14:23:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/19 14:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/10/19 14:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/10/19 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/10/19 13:44:33 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Mozilla
[2011/10/19 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\CometNetwork
[2011/10/19 13:41:43 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\CometNetwork
[2011/10/19 13:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011/10/19 13:34:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/19 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\CometBird
[2011/10/19 12:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/19 12:30:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/19 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Macromedia
[2011/10/19 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Adobe
[2011/10/19 12:22:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/10/19 12:10:26 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers Unite! Snag Bar
[2011/10/19 12:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gamers Unite! Snag Bar
[2011/10/19 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/10/19 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2011/10/19 11:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/10/19 11:54:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/10/19 11:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/19 11:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2011/10/19 11:46:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/10/19 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\BVRP Software
[2011/10/19 11:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2011/10/19 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\InstallShield
[2011/10/19 11:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/10/19 11:41:23 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Searches
[2011/10/19 11:40:31 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/19 11:40:22 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Roaming\Identities
[2011/10/19 11:40:20 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Contacts
[2011/10/19 11:40:19 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\VirtualStore
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\Temporary Internet Files
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Templates
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Start Menu
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\SendTo
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Recent
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\PrintHood
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\NetHood
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Videos
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Pictures
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Documents\My Music
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\My Documents
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Local Settings
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\History
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Cookies
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\Application Data
[2011/10/19 11:40:14 | 000,000,000 | -HSD | C] -- C:\Users\Brandy\AppData\Local\Application Data
[2011/10/19 11:40:13 | 000,000,000 | --SD | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Videos
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Saved Games
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Pictures
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Music
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Links
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Favorites
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Downloads
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Documents
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\Desktop
[2011/10/19 11:40:13 | 000,000,000 | R--D | C] -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/19 11:40:13 | 000,000,000 | -H-D | C] -- C:\Users\Brandy\AppData
[2011/10/19 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\Brandy\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2011/10/21 17:19:36 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/21 17:19:35 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/21 17:19:16 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 17:19:16 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 17:19:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/21 17:19:01 | 1877,311,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 14:49:40 | 004,269,231 | R--- | M] (Swearware) -- C:\Users\Brandy\Desktop\ComboFix.exe
[2011/10/21 14:47:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brandy\Desktop\OTL.exe
[2011/10/21 14:31:21 | 000,000,804 | ---- | M] () -- C:\Users\Brandy\Desktop\SpeedFan.lnk
[2011/10/21 14:31:13 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/10/21 14:30:32 | 000,000,000 | ---- | M] () -- C:\Users\Brandy\Desktop\initdebug.nfo
[2011/10/21 00:30:17 | 000,000,000 | ---- | M] () -- C:\Windows\1 Click & Lock.dat
[2011/10/21 00:30:15 | 000,000,815 | ---- | M] () -- C:\Users\Brandy\Desktop\1 Click & Lock.lnk
[2011/10/20 21:10:44 | 000,000,512 | ---- | M] () -- C:\Users\Brandy\Desktop\MBR.dat
[2011/10/20 20:58:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/20 20:28:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 20:26:07 | 000,061,440 | ---- | M] ( ) -- C:\Users\Brandy\Desktop\VEW.exe
[2011/10/20 20:23:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brandy\Desktop\aswMBR.exe
[2011/10/20 20:23:35 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brandy\Desktop\tdsskiller.exe
[2011/10/20 20:20:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brandy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 17:34:14 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 13:12:33 | 000,000,577 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CityVilleBot.lnk
[2011/10/20 12:54:45 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/20 12:54:45 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/19 18:59:10 | 000,000,685 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/10/19 18:59:10 | 000,000,660 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/10/19 16:18:25 | 000,000,943 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 15:32:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/19 15:32:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/19 15:32:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/19 15:30:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/19 14:45:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/10/19 14:41:39 | 000,000,966 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/19 14:29:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/19 14:19:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/19 13:35:25 | 000,048,744 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/10/19 13:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/10/19 13:33:40 | 000,000,840 | ---- | M] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
[2011/10/19 12:57:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/19 11:57:06 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2011/10/19 11:40:39 | 000,000,680 | ---- | M] () -- C:\Users\Brandy\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/21 14:31:21 | 000,000,804 | ---- | C] () -- C:\Users\Brandy\Desktop\SpeedFan.lnk
[2011/10/21 14:30:32 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/10/21 14:30:31 | 000,000,000 | ---- | C] () -- C:\Users\Brandy\Desktop\initdebug.nfo
[2011/10/21 13:59:22 | 1877,311,488 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/21 00:30:17 | 000,000,000 | ---- | C] () -- C:\Windows\1 Click & Lock.dat
[2011/10/21 00:30:15 | 000,000,815 | ---- | C] () -- C:\Users\Brandy\Desktop\1 Click & Lock.lnk
[2011/10/21 00:30:14 | 000,047,104 | ---- | C] () -- C:\Windows\1 Click & Lock.scr
[2011/10/20 21:10:44 | 000,000,512 | ---- | C] () -- C:\Users\Brandy\Desktop\MBR.dat
[2011/10/20 20:45:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/20 20:45:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/20 20:45:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/20 20:45:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/20 20:45:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/20 20:28:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 13:12:33 | 000,000,577 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CityVilleBot.lnk
[2011/10/19 18:59:10 | 000,000,685 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/10/19 18:59:10 | 000,000,660 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/10/19 15:32:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/19 15:30:56 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/10/19 14:45:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/10/19 14:41:39 | 000,000,966 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/19 14:32:38 | 000,010,844 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/10/19 14:32:38 | 000,006,483 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/10/19 14:29:00 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/10/19 14:28:59 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/10/19 14:23:20 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/19 14:19:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/10/19 13:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/10/19 13:33:40 | 000,000,840 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
[2011/10/19 12:57:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/19 12:54:29 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/19 12:39:38 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/19 12:28:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/19 12:28:17 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/19 12:28:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/19 12:03:49 | 000,000,943 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 11:55:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/10/19 11:53:24 | 006,815,264 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2011/10/19 11:43:14 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/10/19 11:42:01 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2011/10/19 11:40:33 | 000,000,949 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/19 11:40:30 | 000,000,944 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/19 11:40:20 | 000,000,915 | ---- | C] () -- C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/10/19 11:40:15 | 000,000,680 | ---- | C] () -- C:\Users\Brandy\AppData\Local\d3d9caps.dat
[2011/10/19 11:40:13 | 000,000,258 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/19 11:40:13 | 000,000,240 | ---- | C] () -- C:\Users\Brandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/04/11 08:18:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 08:18:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 08:18:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,230,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/10/19 13:41:43 | 000,000,000 | ---D | M] -- C:\Users\Brandy\AppData\Roaming\CometNetwork
[2011/10/21 17:18:13 | 000,011,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#15
RKinner

Posted 21 October 2011 - 05:09 PM

Malware Expert

Expert
24,625 posts

I think you got it. Let's clear the System Restore so we don't accidentally reinstall it:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That should get the last of the malware off the system.

Any more signs of the infection? I would let MSSE do another scan to make sure it doesn't keep finding it.

Ron